Security Advisories & Vulnerability Disclosures

We take security seriously and are proud of our strong track record.

Security First

Why Security Matters in Network Configuration Management

In today’s IT and OT environments, configuration management systems are a critical part of your security perimeter. rConfig plays a central role in helping network and security teams maintain compliance, enforce policy, and automate device configuration—all while protecting against unauthorized access or compromise.

Our team actively monitors, tests, and hardens the rConfig platform against known vulnerabilities. Security is not a feature. It’s a foundational part of our development, testing, and release process.

Proven beyond doubt

Our Security Track Record

We are proud to say that rConfig has had zero reported vulnerabilities since 2019, when a single issue affecting the now-retired v3.x was disclosed and responsibly patched. Since then, our platform has gone through a complete transformation—culminating in the release of rConfig v7 and beyond, which includes:

Role-Based Access Control (RBAC)

rConfig enforces strict Role-Based Access Control (RBAC) to ensure that users only have access to the systems, devices, and actions they are permitted to use. This is critical in environments with multiple admins, engineers, or operators.

Secure API Endpoints

rConfig's RESTful API is secured using scoped, time-limited API tokens, allowing you to integrate with third-party tools and systems—securely. All API endpoints are protected via:

  • Token-based authentication

  • HTTPS encryption

  • IP whitelisting (optional)

  • Role-based token permissions

Automated Vulnerability Scanning

Every rConfig release goes through automated vulnerability scanning as part of our CI/CD pipeline. This includes:

  • Dependency scanning using tools like OWASP Dependency-Check and GitHub Security Advisories

  • Static code analysis for common security flaws

5,000+ Tests Run on Every Release

We run over 5,000 automated tests as part of every release cycle. This includes:

  • Unit tests for core logic and configuration parsing

  • Feature tests to validate real-world workflows (e.g., backup, compliance, and diff)

  • Integration tests for API calls, database interactions, and UI behaviors

We believe transparency is essential. If and when a security issue arises, we will always document it clearly, notify impacted users, and provide guidance or patches quickly.

Where to Find rConfig Security Advisories

As of now, no active advisories exist for the current versions (v7.x+). Historical advisories are listed below for reference:


Date        Advisory ID      Affected Version  Status    CVE Reference
2019-07-10  rCFG-SA-2019-01  v3.x              Resolved  CVE-2023-39110

All current versions of rConfig (v7+) are unaffected.

We take it seriously

Responsible Disclosure Policy

If you’ve discovered a vulnerability or security issue in rConfig, we ask you to follow our responsible disclosure process. Here’s how you can report it securely:


  • Email: security@rconfig.com

  • Include a detailed description, steps to reproduce, and your contact info

  • We commit to acknowledging all submissions within 48 hours

  • We offer Hall of Fame credit and may offer other rewards based on severity and impact


We work with researchers, customers, and community contributors to ensure rConfig remains secure and reliable for everyone.

.. and we want to help

External Resources & Best Practices

To help you secure your rConfig instance and stay up to date with general vulnerability news, here are some helpful external links:



Summary

No current vulnerabilities in rConfig v7+


  • Last advisory: 2019 (v3.x only, resolved)

  • Secure Laravel core, API token auth, and hardened backend

  • Proactive testing and monitoring in every release

  • Responsible disclosure and fast patching guaranteed

